Your data is safe. We can prove it.
Every merchant, every subscriber, every transaction — protected by industry-leading privacy, security, and compliance standards.
Putting your privacy first
Our merchants and partners can trust that we value privacy and comply with GDPR, CCPA, and every standard that matters to your business. We believe privacy isn't a checkbox it's a commitment we embed into every product decision, every data pipeline, and every third-party integration.
Privacy Policy
Secure and responsible data practices — how we handle what's yours.
Privacy & AI
How we comply with AI regulations for global merchants and partners.
Cookie Policy
How we use cookies to improve your experience and personalise content.
Data Processing Agreement
Personal data handling in line with privacy laws and your requirements.
Built secure from day one
Security isn't bolted on — it's woven into every layer of our platform, from infrastructure to every line of code.
Born in the cloud
Hosted on Google Cloud Platform (GCP) — independently verified against PCI DSS, SOC 2&3, and ISO 27000 standards with global redundancy.
Active bug bounty
We maintain an active bug bounty program and work with third-party organisations to continuously validate and harden our security controls.
Product security
Every feature ships through a rigorous security review cycle. Our framework integrates security best practices into each phase of software development.
Operational security
Automated intelligence and skilled reviewers working around the clock. Our operational procedures include:
Building security into everything we do
Security is central to our business. We use rigorous practices, processes, and tools to protect your data and continuously strengthen our platform.
Your store never sleeps. Neither do we.
Easy Subscriptions runs on Google Cloud Platform with a recovery strategy that leverages GCP's global infrastructure — designed so your subscription business stays online no matter what. We maintain clear Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) and publish real-time system performance to our public status page.
Objective (RTO)
Objective (RPO)
infrastructure
updates
Certified. Audited. Accountable.
Beyond our hosting platform's compliance, Easy Subscriptions meets key industry standards at every layer — from payment security to data handling to accessibility.
We are PCI DSS certified and maintain a SOC 2 Type II report, independently verifying that our controls work as designed. We also take active steps to ensure our platform is usable by all individuals.
Need a copy of our SOC 2 report or compliance documentation? Request it below — we'll respond within one business day.
"We chose Easy Subscriptions because their compliance posture matched ours. PCI DSS, SOC 2, GDPR — everything we needed was already there."
— Head of Engineering, 7-figure DTC brand
PCI DSS
Payment Card Industry Data Security Standard — certified
SOC 2 Type II
Service Organization Control — independently verified
GDPR
EU General Data Protection Regulation — fully compliant
CCPA
California Consumer Privacy Act — compliant
ADA
Americans with Disabilities Act — accessibility reviewed
Frequently Asked Questions
Yes. We are PCI DSS certified, which means we meet the highest standard for payment card data security. Card data is encrypted at rest with AES-256 and in transit via TLS 1.3. We never store raw card numbers on our servers.
We maintain 24/7 incident handling with defined escalation paths. In the event of a breach, we follow our incident response plan, notify affected parties as required by law, and publish a post-mortem to our status page.
Yes. Use the compliance document request form above and we'll send the SOC 2 Type II report within one business day. NDA may be required for some documentation.
All data is hosted on Google Cloud Platform (GCP), which complies with an independently verified set of standards including PCI DSS, SOC 2 & 3, and ISO 27000. We leverage GCP's global infrastructure for redundancy and resilience.
Yes. We comply with both GDPR (EU) and CCPA (California). We provide Data Processing Agreements (DPAs) for merchants who require them, and we honor all data subject rights including access, deletion, and portability requests.
Yes. We maintain an active bug bounty program and also contract with third-party security organisations to conduct regular penetration tests. If you discover a vulnerability, please report it via our responsible disclosure page.




Subscription Audit